Just thought I would add another point to consider. Authenticators will still not 100% protect you. The code on the authenticator is valid for about 20-30 seconds. Logging into non-official websites using your authenticator can compromise your account, if they are fast enough to log in before the code resets.